magnum

History

Johannes Grassler f895b2bd09 Fix global stack list in periodic task The periodic task unneccessarily lists Heat stacks in the global tenant (across all tenants) which the Magnum service user may lack permission for. Also, the most restrictive way to let it use global stack-list is chose a Keystone role and open that operation to any user in any project holding that role. This commit substitutes a direct lookup of all bays' stack_id attributes for this global stack list. This direct lookup will yield the same net result. In order to get the neccessary permissions it will use each bay's stored Keystone trust to act on behalf of the bay's creating user. Co-Authored-By: Jiri Suchomel <jiri.suchomel@suse.com> Closes-Bug: #1589955 Change-Id: I67b176c137c463e37e037970cc4e468d51db30c9	2016-07-27 10:11:51 +02:00
..
examples/etc	[install] Add install guide from source	2016-06-03 16:47:55 +00:00
source	Fix global stack list in periodic task	2016-07-27 10:11:51 +02:00

Johannes Grassler f895b2bd09 Fix global stack list in periodic task

The periodic task unneccessarily lists Heat stacks in the
global tenant (across all tenants) which the Magnum service
user may lack permission for. Also, the most restrictive way
to let it use global stack-list is chose a Keystone role and
open that operation to any user in any project holding that
role.

This commit substitutes a direct lookup of all bays' stack_id
attributes for this global stack list. This direct lookup will
yield the same net result. In order to get the neccessary
permissions it will use each bay's stored Keystone trust to
act on behalf of the bay's creating user.

Co-Authored-By: Jiri Suchomel <jiri.suchomel@suse.com>
Closes-Bug: #1589955
Change-Id: I67b176c137c463e37e037970cc4e468d51db30c9

2016-07-27 10:11:51 +02:00

examples/etc

[install] Add install guide from source

2016-06-03 16:47:55 +00:00

source

Fix global stack list in periodic task

2016-07-27 10:11:51 +02:00